Skip to content

Add checks for POLICY_AUD #25769

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Oct 10, 2025
Merged

Add checks for POLICY_AUD #25769

merged 2 commits into from
Oct 10, 2025

Conversation

@jillesme
Copy link
Contributor

@jillesme jillesme commented Oct 10, 2025

Summary

I followed https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/validating-json/#cloudflare-workers-example without setting the AUD environment variable on accident. That ends up omitting the audience verification entirely. It only verifies if the audience value is set to a truthy value. Even an empty string gets skipped (thanks JavaScript)

I skipped to Go example, because instead of reading from an environment variable, the audience is hard-coded in.

There is also https://github.com/cloudflare/cloudflare-docs/blob/production/src/content/changelog/workers/2025-10-03-one-click-access-for-workers.mdx -- which has the same example. I did not update that yet because I don't know how we feel about retroactively updating changelogs. Happy to update that too.

Screenshots (optional)

CleanShot 2025-10-10 at 13 24 27@2x

Documentation checklist

@jillesme jillesme requested review from a team, kennyj42 and ranbel as code owners October 10, 2025 18:28
@jroyal
Copy link
Contributor

jroyal commented Oct 10, 2025

lgtm

@jillesme jillesme requested a review from a team as a code owner October 10, 2025 18:31
@kodster28 kodster28 enabled auto-merge (squash) October 10, 2025 18:33
@kennyj42 kennyj42 requested a review from jroyal October 10, 2025 18:33
@kodster28 kodster28 disabled auto-merge October 10, 2025 18:34
@kodster28 kodster28 enabled auto-merge (squash) October 10, 2025 18:42
@kodster28 kodster28 merged commit d1dfd54 into cloudflare:production Oct 10, 2025
2 checks passed
@workers-devprod workers-devprod added the contribution [Holopin] Recognizes a docs contribution, big or small label Oct 10, 2025
@holopin-bot
Copy link

holopin-bot bot commented Oct 10, 2025

Congratulations @jillesme, the maintainer of this repository has issued you a holobyte! Here it is: https://holopin.io/holobyte/cmgl76nw700gdk104nb82b62c

This badge can only be claimed by you, so make sure that your GitHub account is linked to your Holopin account. You can manage those preferences here: https://holopin.io/account.
Or if you're new to Holopin, you can simply sign up with GitHub, which will do the trick!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kodster28 kodster28 kodster28 approved these changes

@kennyj42 kennyj42 Awaiting requested review from kennyj42 kennyj42 is a code owner

@ranbel ranbel Awaiting requested review from ranbel ranbel is a code owner

+1 more reviewer

@jroyal jroyal jroyal approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@kennyj42 kennyj42

@ranbel ranbel

Labels

contribution [Holopin] Recognizes a docs contribution, big or small October 2025 product:cloudflare-one size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@jillesme @jroyal @kodster28 @kennyj42 @ranbel @workers-devprod